package com.qf.shrio2203.controller;

import com.qf.shrio2203.config.CustomRealm;
import com.qf.shrio2203.user.entity.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

import java.util.List;

/**
 * Spring MVC controller for the {@code /order} routes, showing two ways of asking
 * Apache Shiro for an authorization decision: declaratively through an annotation
 * ({@link #save()}) and programmatically through the current {@link Subject}
 * ({@link #manage()}).
 *
 * <p>NOTE(review): both handlers answer with a redirect to a static page. The redirect
 * is not an access control by itself; whether {@code /order.html} is protected when
 * requested directly depends on the Shiro filter chain, which is not visible in this
 * file. Verify that configuration.
 */
@Controller
@RequestMapping("/order")
public class OrderController {

    /**
     * Handles {@code GET /order/save} and redirects to {@code /order.html}.
     *
     * <p>The handler is annotated to require the {@code order:get} permission. A wildcard
     * form such as {@code order:save:*} would instead require every permission that
     * starts with {@code order:save}.
     *
     * <p>NOTE(review): the handler is named {@code save} but the permission string is
     * {@code order:get}; confirm which permission is intended. The annotation is only
     * enforced if Shiro's annotation/AOP support is enabled in the application
     * configuration (not visible here); confirm.
     *
     * @return the redirect view name {@code redirect:/order.html}
     */
    @GetMapping("/save")
    //@RequiresRoles({"admin","user"})
    @RequiresPermissions("order:get")
    public String save() {
        return "redirect:/order.html";
    }

    /**
     * Handles {@code GET /order/manage} using programmatic checks on the current subject.
     *
     * <p>NOTE(review): the result of the {@code order:get} permission check is only
     * printed to standard output and does not influence the response; the redirect target
     * is decided by the {@code admin} role check alone. If the permission is meant to gate
     * this endpoint, it has to be enforced (for example with
     * {@code Subject.checkPermission} or {@code @RequiresPermissions}); confirm the intent.
     *
     * @return {@code redirect:/order.html} when the subject has the {@code admin} role,
     *         otherwise {@code redirect:/error.html}
     */
    @GetMapping("/manage")
    public String manage() {
        final Subject currentUser = SecurityUtils.getSubject();

        // Permission check: the outcome is reported on stdout only, it is not enforced.
        final boolean mayReadOrders = currentUser.isPermitted("order:get");
        System.out.println(mayReadOrders ? "ok" : "error");

        // Role check: this is the only decision that selects the redirect target.
        if (!currentUser.hasRole("admin")) {
            return "redirect:/error.html";
        }
        return "redirect:/order.html";
    }

}
